[Emerging-updates] Daily Ruleset Update Summary 2018/06/20

Jack Mott jmott at emergingthreats.net
Wed Jun 20 12:32:05 HDT 2018


[***]            Summary:            [***]

2 new Open, 24 new Pro (2 + 22). ProjectHook, Various Phish, W32.Induc
Stealer.

 [+++]          Added rules:          [+++]

Open:

  2025596 - ET TROJAN BackSwap Trojan C2 Domain Observed (debasuin .nl in
DNS Lookup) (trojan.rules)
  2025597 - ET TROJAN BackSwap Trojan C2 Domain Observed (debasuin .nl in
TLS SNI) (trojan.rules)

Pro:

  2831345 - ETPRO TROJAN Win32/TrojanDropper.Delf.OEF CnC Checkin
(trojan.rules)
  2831346 - ETPRO TROJAN MSIL/PSW.Agent.QTT Exfiltrating Passwords and
Cookies (trojan.rules)
  2831347 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Malicious
PSDL 2018-06-20) (current_events.rules)
  2831348 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Malicious
PSDL 2018-06-20 2) (current_events.rules)
  2831349 - ETPRO CURRENT_EVENTS Redirect for Interac Phishing 2018-06-19
(current_events.rules)
  2831350 - ETPRO CURRENT_EVENTS Successful Amex Phish 2018-06-20
(current_events.rules)
  2831351 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2018-06-20
(current_events.rules)
  2831352 - ETPRO CURRENT_EVENTS Successful Microsoft Azure Phish
2018-06-20 (current_events.rules)
  2831353 - ETPRO CURRENT_EVENTS Successful Generic Phish - Observed in
Chase Phishing 2018-06-20 (current_events.rules)
  2831354 - ETPRO CURRENT_EVENTS Successful Personalized Linkedin Phish
2018-06-20 (current_events.rules)
  2831355 - ETPRO TROJAN W32.Induc Stealer Sending PW via SMTP
(trojan.rules)
  2831356 - ETPRO CURRENT_EVENTS Successful Google Login Phish 2018-06-20
(current_events.rules)
  2831357 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Malicious
PSDL 2018-06-20 3) (current_events.rules)
  2831358 - ETPRO TROJAN Observed Malicious SSL Cert (Telegram Bot IP
Check) (trojan.rules)
  2831359 - ETPRO TROJAN ProjectHook POS CnC Keep-Alive (trojan.rules)
  2831360 - ETPRO TROJAN Win32/Pterodo.CL Checkin (trojan.rules)
  2831361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-20 1) (trojan.rules)
  2831362 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-20 2) (trojan.rules)
  2831363 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-20 3) (trojan.rules)
  2831364 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-20 4) (trojan.rules)
  2831365 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-20 5) (trojan.rules)
  2831366 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-20 6) (trojan.rules)


 [///]     Modified active rules:     [///]

  2815142 - ETPRO TROJAN Bergard Checkin 1 (trojan.rules)